He once ran programmatic advertising at one of the world’s largest news publishers – so what does Matt Prohaska think about the impending final deadline for compliance with new-look global consumer data protection legislation?
“Belated” and “complacent” would seem to sum up his view of many publishers’ readiness for the European Commission’s new General Data Protection Regulation (GDPR).
“There are still some publishers that haven’t gotten off the mat and gotten even reviewing their compliance, reviewing what their DMPs (data management platforms) are doing right now,” says Prohaska, who once worked at The New York Times and who now leads his own consultancy, in this video interview with Beet.TV.
So, what is GDPR? A new piece of EC law that came in to effect back in 2016, updating prior consumer data protection rules in a significant way. Now any global company which handles EU citizens’ data must comply with a new and more stringent set of demands:
- tighter consent conditions for the collection of citizens’ data.
- consumers can instruct companies to stop processing their data.
- automated decision-making and profiling decisions must be made clear.
- consumers can request decisioning by automated processes be stopped and handled by a human instead.
- they have the right to request an explanation of automated decision-making.
- they can request free access, rectification and deletion of data.
Just because GDPR operates across Europe, that doesn’t mean companies elsewhere are unaffected. Any company handling EU citizens’ personal data risk a fine of up to 4% of global turnover, to a maximum €20 million, for non-compliance.
Still, some US publishers seem to be comically, if worryingly, unprepared. Summing up an attitude often heard, Prohaska reports: “It’s a, ‘Yeah, there’s no way they’re gonna do this, really, and ding someone’, or, ‘They’re gonna get one and make a statement, but that’s not gonna be us’. We think those folks are in trouble. They’re going to be sorely mistaken.”
European publishers may have a head-start on GDPR thanks to historical privacy regulation that had pointed in the same direction.
“There are some that we know that have been preparing for this for about a year, plus,” Prohaska says. “Just a couple of months after the regulation came out, back in April of 2016. And they’ve got a data compliance officer in place, they’ve worked on this with their ad product team, so they know when they’re going to engage.
“Most publishers, at least that are European-based or headquartered or where the majority of their audience is, are getting set up and fine,” Prohaska says. “Fortunately, there has been some practice, already, where a lot of the European-based publishers that have the heads-up, ‘Hey, we’re going to be dropping cookies on your browser, is that okay?'”
Specifically, that was the previous EU Cookie Directive, which was adopted in 2011, rather than GDPR, which is much wider-ranging, but the direction of travel was similar.
Whilst some practitioners, especially those in the US, seem to be treating GDPR as simply akin to same kind of European regulatory over-bearishness which they have long had to suffer (in other words, little change), the ramifications could be deeper than that.
The emphasis is on obtaining more explicit consent from consumers, and giving them more control over how consented-to data processing is carried out in future.
Many believe GDPR will precipitate a shift in fundamental marketing practice, from targeting consumer behaviors and characteristics to targeting real consumer profiles, will come about.
Says Prohaska: “We think that, in 18 months, the days of cookie-fishing and buying in the open auction and dropping tags and banners only just to be able to re-target, are probably done, or severely minimized.
“The good news is that (this is) for the good of the industry, for the good of consumers, for the good of this whole ecosystem. (This is) the way it should have been to begin with. We didn’t have a great opt-out system and so the pendulum swing now says, ‘Okay, it’s going to be a little more painful in opt-in and you’ve got to let everyone know up-front.”